Add host exclusions to ldap password spray alert

alerts/ldap_password_spray.conf

@@ -1,3 +1,4 @@
 [options]
 threshold_count = 1
-search_depth_min = 60
+search_depth_min = 60
+host_exclusions = foo.example.com,bar.example.com

alerts/ldap_password_spray.py

@@ -13,8 +13,12 @@ import re
 
 class AlertLdapPasswordSpray(AlertTask):
     def main(self):
-        self.parse_config('ldap_password_spray.conf', ['threshold_count', 'search_depth_min'])
+        self.parse_config('ldap_password_spray.conf', ['threshold_count', 'search_depth_min', 'host_exclusions'])
         search_query = SearchQuery(minutes=int(self.config.search_depth_min))
+
+        for host_exclusion in self.config.host_exclusion.split(","):
+            search_query.add_must_not([TermMatch("hostname", host_exclusion)])
+
         search_query.add_must([
             TermMatch('category', 'ldap'),
             TermMatch('details.response.error', 'LDAP_INVALID_CREDENTIALS')